Telehealth - HIPAA Zoom
The HIPAA (Health Insurance Portability and Accountability Act) lays out privacy and security standards that protect the confidentiality of patient health information.
When video conferencing, the security architecture must provide end-to-end encryption so that transmitted data cannot be intercepted.
Zoom enables HIPAA Compliance, meaning the company is responsible for keeping patient information secure. Zoom does not have access to identifiable health information and protects and encrypts all audio, video, and screen sharing data. Zoom has signed a Business Associates Agreement with CSUN that certifies that they are HIPAA compliant.
Telehealth Guidelines for Seeing Patients/Clients Remotely
- All students, faculty and researchers must comply with relevant laws, regulations, ethical standards, and CSUN policies to ensure the confidentiality of clients.
- Field Faculty, supervising faculty, program coordinators, researchers and students will confirm that they have read and acknowledged written policies/protocols specific to their field around the use of technology and confidentiality.
- Take reasonable steps to maintain appropriate boundaries when using personal phone numbers or other electronic communication.
- Position web cameras so that others can only see your face - all visible confidential data must be removed from the camera view.
- Conduct all sensitive conversations in a private space. Be mindful of the potential for family members or bystanders to overhear any portion of your discussions.
- Record keeping of video-conferencing interactions should be similar to any other form of client interactions.
- A consent form must be obtained via conversation and written/online. The student must disclose to client the risks and benefits of recording (if recording).
- Must attempt to verify the location and residence of their clients in order to avoid crossing state lines if licensing applies only to the resident state.
FAQs
Yes. Users will continue to log into zoom using the same login and workflow. The difference is on the back end where additional security features are enabled.
HIPAA Zoom will require a meeting password, that users will be required to use.
They can continue to change some settings, but will find other settings disabled, or locked (Encryption, Password, etc).
Yes, all meetings hosted by that user will conform to the HIPAA Guidelines.
Correct, it is determined by the host.
After a user signs in, I have to manually go in and assign the license, I am trying to check 2-3 times a day and move those users over. They will then have the full license.